Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

backport: extended dynamic access #4719

Merged
merged 2 commits into from
Nov 5, 2020
Merged

backport: extended dynamic access #4719

merged 2 commits into from
Nov 5, 2020

Conversation

fspmarshall
Copy link
Contributor

Backport of #4573

@fspmarshall
vendor testify/assert
ebbe587
@fspmarshall
extended dynamic access API
f4f30fe 
Various improvements related to extending the dynamic access
API, including:

- Support for users with no statically defined roles.

- Unify trait mapping logic (e.g. claims_to_roles) across
the connector types.

- Support for matcher syntax and claims_to_roles mappings when
configuring which roles a user is able to request.

- Allow tsh or the web UI to automatically generate wildcard
access requests when dictated by role configuration.

- Allow RBAC configuration to attach annotations to pending
access requests which can be consumed by plugins.

- Allow plugins to attach annotations to approvals/denials
which appear in the audit log, and may also be looked up
later to determine additional info about a resolution.

- Support prompts, request reasons, and approval/denial
reasons for access requests.
@fspmarshall fspmarshall merged commit dc57bb7 into branch/4.4 Nov 5, 2020
@fspmarshall fspmarshall deleted the fspmarshall/extended-dynamic-access-backport-2 branch November 5, 2020 22:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@russjones russjones russjones approved these changes

@awly awly Awaiting requested review from awly

@klizhentas klizhentas Awaiting requested review from klizhentas klizhentas is a code owner

@webvictim webvictim Awaiting requested review from webvictim webvictim is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fspmarshall @russjones